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SECURE FIL E TRANSFER METHOD ANn SvgTFA/r 

The present invention relates to a method and system for confirming that an 
electronic data file downloaded from a remote computer server by way of the 

5 Internet, the World-Wide Web (the Web) or otherwise has been obtained from an 
authentic or authorised source. 
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With the recent and rapid expansion of the Internet and the Web and other protocols 
for transferring large amounts of data between remote computers by way of 
telecommunications links and the like, it has now become increasingly : easy to copy 
and transfer files containing video and: audio recordings as well 'as many other 
software applications. Standard file formats such as MP3, MPEG, JPEG and many 
more allow high quality digital audio and video recordings to^e/downlbaded for very 
little, if any, cost and to be played back at any convenient time, possibly by way of 
portable units such as pocket MP3 players. While these developments are readily 
welcomed by consumers, it is very difficult to enforce copyright in audio and video 
recordings when these can be downloaded so easily, and this can result in a. 
significant loss of revenue to the companies that make and release these recordings, 
as well as to the authors and performers of the recorded works. Traditionally, audio 
and video recordings have been sold to the public in the form of data carriers such as 
compact discs and the like, the distribution of which was heretofore relatively easy to 
control. This is no longer thg case,- and there is consequently a need to provide some 
form of control over the distribution of authentic recordings. 

The problem is compounded by the fact that many data files which can be 
downloaded by a consumer at no cost from potentially inauthentic i sources may 
contain viruses or Trojan horses which can infect and(Jd§rip^gp 0n sumer’s 
computer or network. This can have devastating and expensive consequences, and is 

a high price to pay just to obtain free data files. 


30 
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It is apparent that there is a need to provide a method and system for the secure 
transfer of data files from authentic sources, whereby a data file provider can provide 
an assurance to consumers that the data files thus provided are free of viruses and 
Trojan horses. Furthermore, there is a need to provide some way of raising revenue 
5 for the data file provider and the authors and performers of the works provided by the 
data file provider. 

According to a first aspect of the present invention, there is provided a method of 
transferring a data file from a first computer having a first telecommunications 
10 address to a second computer having a second telecommunications address, 
comprising the steps of: - 

i , .. ■ * ... 

i) transmitting a request for the data file from the second computer to the first 
computer, the request including data identifying the data. Tile and the second 

15 telecommunications address; ; ' r; 

ii) in the first computer, wrapping or encrypting the data file within an 
executable file adapted to unwrap or decrypt the data file only upon activation by a 
unique key code; 

20 

iii) assigning a unique identification string to the executable file in the first . 
computer, the unique identification string being further associated in the first 
computer with the second telecommunications address; 

25 iv) transmitting the executable file and the unique identification string from the 
first computer to the second computer; 

v) causing a message to be displayed by the second computer showing the 
unique identification string and requesting a user to call a predetermined telephone 
30 number from a telephone operated by the user; 
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vi) receiving a telephone call from the telephone operated by the user, 
determining its telephone number and receiving the unique identification string from 
the user; 

5 vii) in the first computer, generating a pseudorandom string, associating the 
pseudorandom string with the unique identification string and the telephone number 
of the telephone operated by the usfer, and transmitting the pseudorandom string to 
the telephone operated by the user; 

10 viii) applying a mask code, known to the user and to the. first computer, to the 
pseudorandom identification string so as to generate a volatile identification code in 
accordance with predetermined rules; 

ix) transmitting the volatile identification code to the first computer, either from 
15 the telephone operated by the user in which case the volatile identification code is 

transmitted together with the telephone number of the telephone operated by the user, 
or from the second computer in which case the volatile identification code is 
transmitted together with the second telecommunications address, the telephone 
number or the second telecommunications address respectively serving to identify the 
20 second computer, the user and the executable file; 

x) in the first computer, checking that the volatile identification code matches a 
volatile identification code generated therein by applying the mask code to the 
pseudorandom string and, if so; 

25 

xi) transmitting the key code to the second computer so as to enable the 

! 

executable file to unwrap or decrypt the data file and to install this on the second 
computer. 

30 For the avoidance of doubt, the expressions “first compUter’’ r ;^-^sed<md-computer” 
are not to be understood as being limited to first and second; stand-alone computer 
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devices, but are intended to encompass'first and/or second computer networks, such 
as local or wide area networks and the like, as well as portable computers such as 
personal digital assistants and third (or subsequent) generation mobile telephones or 
communicators 
5 

In this first preferred embodiment, the first computer generally has stored therein a 
library of different data files, each of which may have a permanent identification 
code different from the unique identification string, which is individually generated 
for each executable file upon respective generation thereof. The permanent 
10 identification codes are provided so as to allow a user of the second computer to 
browse through the library of data files and to select data files for transmission. The 
library of data files may be remotely browsable from the second computer by way of 
a website or the like hosted by or otherwise linked to the first computer. 

15 When the user has made his selection, for example by way of the wesbsite, selection 
information together with information identifying the second Computer, for example 
an Internet Protocol (IP) address, is transmitted to the first computer. The first 
computer then waps or encrypts the selected data file in the executable file in a 
manner which is known to those of ordinary skill in the art and assigns a unique 
20 identification string to the executable file. The unique identification string may 
include characters which identify the data file'in a way which is meaningful to a 
human being. For example, where the data file is an MP3 audio file of a particular 
piece of music, the identification string may include characters which spell out a title 
of the piece of music. The unique identification string, in addition to identifying the 
25 executable file, also enables the first computer to identify the second computer and/or 
the user and/or the telephone operated by the user by correlating this data with the 
unique identification string in the first computer. 

Instead of the first computer having stored therein the library of data files, the library 
30 of data files may be stored on and browsed by way of a third computer separate from 
the first and second computers. When a user makes a selection frohu the library, the 
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third computer is then arranged to generate the unique identification siring and to 
transmit this, together with the data file and the information identifying the second 
computer, such as an IP address, to the first computer by way of a 
telecommunications link. The data file is then wrapped or encrypted in the 
5 executable file at the first computer as discussed above. • 

The executable file and the unique identification string are then transmitted from the 
first computer to the second computer by way of a modem or Internet link. When 
they arrive at the second computer, a message may be displayed so as to alert a user 
10 that the executable file and the unique identification string have arrived. In a 
preferred embodiment, the message prompts the user to make a telephone call to a 
predetermined telephone number, either by way of a landline telephone or, more 
preferably, by way of a mobile telephone. When the user calls the predetermined 
telephone number, the telephone number of the telephone operated by the user is 
15 automatically determined by known means aiid the user is then asked to give the 
unique identification string so as to enable the executable file to be correlated in the 
first computer with the telephone number of the telephone operated by the user. 

In a particularly preferred embodiment, when the user Calls the predetermined 
20 telephone number with details of the unique identification string, a charge is made to 
the user’s telephone account in respect of the data file requested from the first 
computer. This charge can be collected by the provider of die data file by way of a 
prearranged contract with a telephone service provider to which the user subscribes. 
Charging protocols of this type are already known in relation to vending machines 
25 which may be operated by way of a mobile telephone, whereby a user makes a 
selection from the vending machine, calls a predetermined telephone number with 
details of his or her selection, and the vending machine is then activated to dispense 
the selection to the user while a charge is made to the user’s telephone account so as 
to pay for the selection. 

30 


5 




The first computer then generates a pseudorandom string, correlates this with the 
unique identification string (and thereby with the executable file, and data , identifying 
the user, e.g. the telephone number of the telephone operated by the user or the IP 
address of the second computer), and then transmits the pseudorandom string to the 
5 telephone operated by the user, for example by way of a short messaging service 
(SMS) message,. 

The user then applies the mask code, which in a preferred embodiment comprises the 
last four digits of the telephone number of the telephone operated by the user but 
10 which may comprise any predetermined combination of digits from the telephone 
number or another prearranged numerical string, to the pseudorandom string so as to 
generate a volatile identification code in accordance with predetermined rules, further 
details of which are provided below. The volatile identification code is then 
transmitted by the user to the first computer, either by way of, for example, an SMS 
15 message from the telephone operated by the user or by-way of the second computer 
and an Internet or modem link. When transmitting the volatile identification code by 
either of these routes, further data identifying the user and hence the particular data 
file transaction is also transmitted so as to enable the first computer to identify the 
transaction to which the volatile identification code relates. These further data.may 
20 comprise the telephone number of the telephone operated by- the user or the IP 
address of the second computer, both of which are correlated in the first computer 
with the unique identification string and hence the particular transaction. 

When the first computer receives the volatile identification code and the associated 
25 data identifying the transaction, it performs a check to see that the volatile 
identification code matches a volatile identification code generated independently in 
the first computer by applying the mask code to the pseudorandom string. If the 
volatile identification codes are found to match, safe receipt of the executable file is 
thereby confirmed to the first computer. 
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The first computer then transmits the key code to the second computer,, generally by 
way of and Internet or modem link. Upon receipt of the key cpdefat the second 
computer, the executable file is enabled so as to unwrap or decrypt the data file and 
to install this on the second computer for use by-the user. The key code is preferably 
5 a unique code generated within the executable file when it is first compiled and 
distributed, but not transmitted therewith. 

When the data file is installed on the second computer, the executable file may be 
adapted to install the data file only in a specific memory location within the second 
10 computer. For example, the executable file may ask the operating system of the 
second computer (e.g. DOS) for a free memory location (e.g. a diskvolume name) 
and any other necessary system parameter and will then install the data file to this 
memory location, generally in read-only format. 

15 In a particularly preferred embodiment, the installation process at the second 
computer generates an electronic certificate which authenticates the origin of the data 
file and also registers the data file to the user. The electronic certificate may include 
details of, say, the IP address of the second computer, details identifying the data file 
and the memory location where it is stored in the second computer. The electronic 
20 certificate is displayed when the data file is first installed* and may also be displayed 
each subsequent time that the data file is opened by the user, ,It is preferred that the 
data file is stored at the memory location in a protected read-only format, and that it 
can only be opened from that memory location with simultaneous at least temporary 
display of the electronic certificate. In this way, the data file is protected from 
25 infection by viruses which may enter or be present in the second computer, since the 
data file is locked and owned by itself within the memory of the second computer. 

The electronic certificate may also contain further details, such as a system time and 
date in real time when activated, various copyright identifiers and registered trade 
30 marks relating to the provider of the data file and/or the executable file, identification 
details of the second computer (such as its IP address) and identification details of the 
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data file. Some or all of these details may be merged into a short animation 
watermark image (which may nominally be animated at a speed of 16 frames per 
second and shown for several seconds), and a sound file relating , to the title of the 
data file may also be generated and activated upon opening the. data file. The 
5 watermark image is difficult to recreate by counterfeit measures, .and thereby helps to 
guarantee that the data file is from an authorised source, free from viruses and . 
licensed to an authorised user. It is intended that the charge raised for use of the data 
file is low enough so as to make forgery of the electronic certificate not worthwhile. 

10 Referring now to the mask code, this may take various forms. In a currently 
preferred embodiment, a person is issued with or selects a four digit numerical string, 
for example 3928, analogous to the well-known PIN codes currently used when 
operating automated teller machines (ATMs). However, different lengths of mask 
code may be used as appropriate. In a particularly preferred embodiment, the mask 

15 code is based on the digits of the telephone number of the telephone from which the 
user calls the predetermined telephone number with details of the identification string 
and the volatile identification code. For example, the mask code may be set as the 
last four digits of the user’s telephone number, say 3928. 

20 In order to generate the volatile identification code, the user or the first or second 
computer takes the first digit of the mask code, in this example 3, and notes the 
character in third position (say from left,to right) along the identification string. The 
user or computer then takes the second digit of the mask code, in this example 9, and 
notes the character in ninth position along the identification string, and so on for the 

25 digits 2 and 8 of the mask code. The characters selected from the identification string 
form the volatile identification code which is used for secure identification purposes. 
The prime security feature is that the mask code is never transmitted between the 
computers and/or the telephone, and is thus safe from interception by unauthorised 
third parties. 

30 
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It will be apparent that in the embodiment described hereinabove, the identification 
string must be at least ten characters long, since a mask code made up of the numbers 
0 to 9 requires at least ten positions along the identification string to be functional. 
However, a person of ordinary skill will appreciate that different mask codes and 
5 string lengths may be used as required by selecting appropriate coding schemas. It is 
to be emphasised that the identification string assigned to the executable file by the 
first computer in response to a request for the data file Will be different for each 
request, and that it will therefore be extremely difficult to determine a given mask 
code given a series of potentially interceptable identification strings and volatile 
10 identification codes. 

For a better understanding of the present invention and to show how it may be carried 
into effect, reference shall now be made, by way of example, to the accompanying 
drawings in which: 

15 

FIGURE 1 is a flow diagram depicting one arrangement of the present invention; 

FIGURE 2 shows a user operating the second computer; 

20 FIGURE 3 shows a display on the second computer offering a data file for transfer 
thereto; 

FIGURE 4 shows a display on the second computer prompting the user to call in with 
the unique identification string; 

25 

FIGURE 5 shows the user calling in with the unique identification string; 

FIGURES 6 and 7 show the pseudorandom string being transmitted to the user’s 
telephone and illustrate the application of the. mask code thereto so as to generate the 
30 volatile identification code; 
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FIGURE 8 shows a display on the second computer prompting the user'to input the 
volatile identification code; 

FIGURE 9 shows a display on the second computer as the executable file is being 
operated so as to unwrap or install the data file; and 

FIGURE 10 shows an electronic certificate displayed on the second computer when 
the data file has been unwrapped or installed. 


P45208.spc 



I (ID 

TAK Application - PROVIDF.NCF/R 



Black Box integrated 
or Remote Server 
verificatjonprocesa 

Unlock TAK is storedwitkmd^loymmtsqipKcatimafte Confirm TAK receded. 
Disc Volume name or system. ID check at unpack and openpxocess. 

Only correct ID check instigates providence file upack 
No Providence output means: Not Cfcigmal and Posi>fe Virus. 


\ 


! 







































f'-v 

















































































n (\ o 








































